1st Edition

The Hacker's Handbook The Strategy Behind Breaking into and Defending Networks

By Susan Young, Dave Aitel Copyright 2003
    894 Pages 195 B/W Illustrations
    by Auerbach Publications

    The Hacker’s Handbook: The Strategy Behind Breaking Into and Defending Networks, moves ahead of the pack of books about digital security by revealing the technical aspects of hacking that are least understood by network administrators. This is accomplished by analyzing subjects through a hacking/security dichotomy that details hacking maneuvers and defenses in the same context. Chapters are organized around specific technical components and administrative tasks, providing theoretical background that prepares network defenders for the always-changing and creative tools and techniques of intruders.

    This book is divided into three parts. Part I introduces programming, protocol, and attack concepts.  Part II addresses subject areas (protocols, services, technologies, etc.) that may be vulnerable. Part III details consolidation activities that hackers may use following penetration.

    Each section provides a “path” to hacking/security Web sites and other resources that augment existing content. Referencing these supplemental and constantly-updated resources ensures that this volume remains timely and enduring. By informing IT professionals how to think like hackers, this book serves as a valuable weapon in the fight to protect digital assets.

    Preface
    FOUNDATION MATERIAL
    Case Study in Subversion
    Know Your Opponent
    Anatomy of an Attack
    Your Defensive Arsenal
    Programming
    The Protocols (TCP/IP) (OSI Layers 2-3)
    The Protocols (TCP/IP) (OSI Layers 4-7)
    SYSTEM AND NETWORK PENETRATION
    Domain Name Service (DNS)
    Directory Services
    Simple Mail Transfer Protocol (SMTP)
    Hypertext Transfer Protocol (http)
    Database Hacking
    Malware
    Network Hardware
    CONSOLIDATION
    Consolidating Gains
    After the Fall
    Conclusion

    Biography

    Dave Aitel is the founder of Immunity, Inc. (www.immunitysec.com), with prior experience at both private industry security consulting companies and the National Security Agency. His tools, SPIKE and SPIKE Proxy, are widely regarded as the best black box application assessment tools available.Susan Young has worked in the security field for the past seven years, four of which have been spent in the security consulting arena, helping clients design and implement secure networks, training on security technologies, and conducting security assessments and penetration tests of client system or network defenses (so-called ethical hacking). Her experience has included consulting work in the defense sector and the financial industry, as well as time spent evaluating and deconstructing various security products. She currently works as a senior security consultant in the Boston area security practice of International Network Services (INS).

    “By the author’s providing a ‘hacker’ perspective, readers will more fully understand the ramifications of having an insecure computer, server, network, program, database and or policy. The book [includes] … a good table of contents that is extensive, very organized and thorough … . … [T]here are important discussions of the non-technical kind [of insecurity] like policy, which is too often overlooked in many organizations. … What is most impressive about the book is its outlines of specific exploits and attacks with prescribed defenses. … Coupled with good illustrations and detailed explanations[,] this is a great resource for both academic and public libraries.”
    — E-Streams, Vol. 7, No. 9, Sept. 2004
    “Awesome work!”
    —Anton Chuvakin, Ph.D., GCIA, GCIH, netForensics
    Promo Copy